Anonymous signcryption method from a certificate-based public key cryptosystem to an identity-based public key cryptosystem
Technical field
The invention belongs to the field of information security technology and relates to anonymous signcryption, specifically to an efficient anonymous signcryption method from a certificate-based public key cryptosystem to an identity-based public key cryptosystem, which can be used to achieve confidentiality, authentication and anonymity for message transfer from the certificate-based cryptosystem to the identity-based cryptosystem.
Background art
With the rapid development of computer networks and communication technology, information is exchanged between people more and more frequently. Yet the information transmitted often involves sensitive content, and open networks such as computer networks and wireless communication networks are highly vulnerable, so information security has become an increasingly prominent problem. The theoretical foundation of information security is modern cryptography, in which confidentiality and authentication are two important security goals. Confidentiality of a message is achieved by encryption, and authentication of a message by digital signatures. Many practical applications, such as e-commerce and e-mail, need to achieve both confidentiality and authentication at the same time.
To achieve confidentiality and authentication of message transmission simultaneously, the traditional "sign then encrypt" approach can be used, but its efficiency is generally low. To address this, Zheng proposed the concept of signcryption in 1997. Signcryption performs the functions of digital signature and public key encryption together in a single logical step, at a computational and communication cost lower than that of the traditional "sign then encrypt" approach, which makes it a desirable method for transferring messages with both confidentiality and authentication.
In 1976, Diffie and Hellman published the paper "New Directions in Cryptography", which first proposed the idea of public key cryptography and opened a new era of modern cryptography. Based on the Digital Signature Algorithm (DSA) standard, the Korean scholars Shin, Lee and Shim proposed two practical signcryption methods in 2002. Traditional public key cryptosystems, namely certificate-based public key cryptosystems, overcome the key-size and key-distribution problems of symmetric cryptosystems, and a user's private key is known only to the user, so confidentiality is strong; but certificate-based cryptosystems have a drawback: a large number of certificates must be managed, which is a heavy task. In a certificate-based cryptosystem, before sending a message to another user, a user must look up the target user's public key certificate and verify the certificate's legitimacy and validity. Looking up, storing, verifying and revoking certificates all incur substantial computation and storage overhead.
To overcome this drawback of certificate-based cryptosystems, Shamir proposed identity-based cryptography in 1984. In an identity-based cryptosystem the user's identity is the public key, so no certificate is needed. However, it was not until 2001 that Boneh and Franklin proposed the first practical identity-based encryption scheme. In 2002, the American scholar Lynn proposed the first identity-based signcryption scheme. The British scholars Chen and Malone-Lee proposed a more efficient identity-based signcryption scheme in 2005. Based on bilinear pairings, the Brazilian scholar Barreto and others constructed an even more efficient identity-based signcryption scheme. In 2006, the Chinese scholars Duan and Cao constructed an identity-based multi-receiver signcryption scheme. In 2009, the Indian scholars Selvi, Vivek and Srinivasan proposed a more efficient identity-based multi-receiver signcryption scheme.
However, most existing signcryption methods support only one kind of system, either the certificate-based public key cryptosystem or the identity-based public key cryptosystem. In practice, different organizations may adopt different public key cryptosystems. When user A of a certificate-based cryptosystem wants to send a message to user B of an identity-based cryptosystem, A must either first sign the message with a certificate-based signature and then encrypt the signature with identity-based encryption, or apply for a key pair in the identity-based cryptosystem and then signcrypt the message with identity-based signcryption and send the signcryption ciphertext to B; both approaches are inefficient and increase the complexity of the system. In 2010, the Chinese scholars Sun and Li constructed a signcryption method between a certificate-based and an identity-based public key cryptosystem. However, in practice the sender of a message often does not want any third party to learn the source of the message, in order to protect its own privacy. Because the sender's public key is placed directly in the signcryption ciphertext, the existing signcryption method from the certificate-based to the identity-based cryptosystem cannot provide anonymity for the transferred message and reveals the user's privacy.
Summary of the invention
The object of the invention is to improve the security and efficiency of message transfer from a certificate-based public key cryptosystem to an identity-based public key cryptosystem by providing an anonymous signcryption method from the certificate-based to the identity-based cryptosystem that can be implemented simply and efficiently, so as to achieve confidentiality, authentication and anonymity for such message transfer, simplify the system, and improve security and transmission efficiency.
The technical scheme that achieves the object of the invention is: blind the public key of the user of the certificate-based cryptosystem, compute the bilinear pairing from the certificate-based cryptosystem to the identity-based cryptosystem, and then use the result to anonymously signcrypt and transmit the message.
The detailed procedure is as follows:
(1) System initialization step:
The certificate-based and identity-based public key cryptosystems choose at random a set of parameters from a public-key function library, comprising two cyclic groups $G$ and $G_T$ of prime order $q$, a generator $P$ of $G$, a bilinear pairing [formula missing] and three hash functions $H_0: \{0,1\}^* \to G$, [formula missing] and [formula missing]. Here $\{0,1\}^*$ denotes the set of binary strings of arbitrary length, $n$ is the bit length of the plaintext message, $\{0,1\}^n$ denotes the set of binary strings of length $n$ bits, and $Z_q^*$ denotes the multiplicative group obtained by removing the zero element from the finite field $Z_q = \{0, 1, \ldots, q-1\}$. From the chosen parameters, the certificate-based cryptosystem selects a system public key $tpk$ and a system private key $tsk$, and the identity-based cryptosystem selects a system public key $mpk$ and a system private key $msk$;
(2) User key generation step:
User A of the certificate-based cryptosystem generates its public key $Y_A$ and private key $x_A$ by itself; the key generation centre PKG of the identity-based cryptosystem takes the identity $ID_B$ of user B as B's public key and computes B's private key $D_B$ from $ID_B$ and $msk$;
(3) Anonymous signcryption step:
Using its own private key $x_A$ and the identity $ID_B$ of user B of the identity-based cryptosystem, user A of the certificate-based cryptosystem anonymously signcrypts the message $m$ to obtain the signcryption ciphertext $C$, and sends $C$ to user B;
(4) Unsigncryption step:
On receiving the ciphertext $C$ sent by user A of the certificate-based cryptosystem, user B of the identity-based cryptosystem, relying on the bilinearity of the pairing, unsigncrypts $C$ with its own private key $D_B$, obtaining the message $m$ and at the same time authenticating the identity of the sender.
The system public key $tpk$ and system private key $tsk$ of the certificate-based cryptosystem in step (1), and the system public key $mpk$ and system private key $msk$ of the identity-based cryptosystem, are generated as follows:
(a) the certificate-based cryptosystem chooses at random an element of $Z_q^*$ as the system private key $tsk$ and computes the system public key $tpk = tsk \cdot P$, where "$\cdot$" denotes scalar multiplication of a point on the elliptic curve underlying the group $G$;
(b) the identity-based cryptosystem chooses at random an element $s$ of $Z_q^*$ as the system private key $msk$ and computes $P_0 = sP$ as the system public key $mpk$.
The public key $Y_A$ and private key $x_A$ of user A in step (2), and the private key $D_B$ of user B, are generated as follows:
(a) user A of the certificate-based cryptosystem chooses at random an element of $Z_q^*$ as its own private key $x_A$, and multiplies this private key by the generator $P$ of $G$ from the system parameters to compute its own public key $Y_A = x_A P$;
(b) from the system private key $s$ and the identity $ID_B$ of user B, the PKG of the identity-based cryptosystem computes $D_B = sQ_B$ as the private key of user B, where $Q_B = H_0(ID_B)$.
In step (3), user A of the certificate-based cryptosystem uses $x_A$ and $ID_B$ to anonymously signcrypt the message $m$ and compute the signcryption ciphertext $C$ as follows:
(a) user A chooses at random an element $\sigma$ of $\{0,1\}^n$;
(b) user A computes [formula missing], denoted [formula missing], where the symbol $\oplus$ denotes bitwise XOR;
(c) user A computes $h_1 Y_A$, denoted $C_0 = h_1 Y_A$, and computes [formula missing], denoted $C_1$, where the symbol "$\|$" denotes bit concatenation;
(d) from the computed results, user A outputs the ciphertext $C = (C_0, C_1)$; this ciphertext does not contain the public key $Y_A$ of the sender A.
In step (4), user B of the identity-based cryptosystem uses its own private key $D_B$ to unsigncrypt the ciphertext $C$ as follows:
(a) user B parses the ciphertext as $C = (C_0, C_1)$;
(b) user B computes [formula missing], denoted [formula missing];
(c) user B computes $(h_1')^{-1} C_0$, denoted $Y_A' = (h_1')^{-1} C_0$;
(d) user B checks whether $h_1'$ equals [formula missing]; if so, B outputs the message $m = m'$ and the public key $Y_A = Y_A'$ of the sender A; otherwise the ciphertext $C$ is regarded as invalid.
The beneficial effects of the invention are as follows. Because the sender's public key is hidden in the signcryption ciphertext, the sender's privacy is protected; the anonymity is with respect to third parties observing the ciphertext, since the recipient B itself recovers $Y_A$ during unsigncryption. Because confidentiality and authentication of message transfer from the certificate-based to the identity-based cryptosystem are achieved with only one bilinear pairing, the sender neither has to sign first and then encrypt, nor has to first obtain a key pair in the recipient's identity-based cryptosystem and then carry out the complex process of identity-based signcryption in it, so the system is simplified and security and transmission efficiency are improved. The method is simple and practical and is suitable for wide adoption.
The object and scheme of the invention are described further below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a schematic diagram of communication from the certificate-based public key cryptosystem to the identity-based public key cryptosystem;
Fig. 2 is the flow chart of the algorithm of the invention;
Fig. 3 is the flow chart of the unsigncryption step in the algorithm of the invention.
Detailed description of the embodiments
I. Mathematical theory and technical terms applied in the invention:
1. Bilinear pairing
In the invention, the bilinear pairing [formula missing] is a mapping satisfying bilinearity, non-degeneracy and computability; it maps two elements of the prime-order group $G$ to one element of the prime-order group $G_T$. For example, the Weil pairing or the Tate pairing defined on a supersingular elliptic curve is a bilinear pairing satisfying these conditions.
2. Hash function
A hash function is a one-way function that transforms an input of arbitrary length into an output of fixed length, called the hash value of the input. A secure hash function should satisfy the following conditions: 1. the output length is fixed and is generally at least 128 bits, to resist birthday attacks (a birthday attack finds a collision in about $2^{\ell/2}$ evaluations for an $\ell$-bit output); 2. for each given input, its hash value is easy to compute; 3. given the description of the hash function and a hash value, finding a corresponding input is computationally infeasible; 4. given the description of the hash function, finding two different inputs with the same hash value is computationally infeasible.
3. Related technical terms
The technical terms of the invention can be described with reference to Fig. 1 as follows:
(1) CA is the "certificate authority" of the certificate-based public key cryptosystem, responsible for issuing and managing public key certificates;
(2) PKG is the "key generation centre" of the identity-based public key cryptosystem, responsible for generating users' private keys;
(3) node A is a user of the certificate-based public key cryptosystem and is the sender of the message;
(4) node B is a user of the identity-based public key cryptosystem and is the recipient of the message;
(5) the certificate-based and identity-based public key cryptosystems in the invention can be independent systems, or two subsystems under one public key cryptosystem.
II. Implementation procedure of the invention
With reference to Fig. 1, Fig. 2 and Fig. 3, the detailed procedure of the invention is as follows:
Step 1. System initialization.
Choose at random a set of parameters from a public-key function library, comprising two cyclic groups $G$ and $G_T$ of prime order $q$, a generator $P$ of $G$, a bilinear pairing [formula missing] and three hash functions $H_0: \{0,1\}^* \to G$, [formula missing] and [formula missing]. Here $\{0,1\}^*$ denotes the set of binary strings of arbitrary length, $n$ is the bit length of the plaintext message, $\{0,1\}^n$ denotes the set of binary strings of length $n$ bits, and $Z_q^*$ denotes the multiplicative group obtained by removing the zero element from the finite field $Z_q = \{0, 1, \ldots, q-1\}$. From the chosen parameters, the certificate-based cryptosystem chooses at random an element of $Z_q^*$ as the system private key $tsk$ and computes the system public key $tpk = tsk \cdot P$, where "$\cdot$" denotes scalar multiplication of a point on the elliptic curve underlying the group $G$; the identity-based cryptosystem chooses at random an element $s$ of $Z_q^*$ as the system private key $msk$ and computes $P_0 = sP$ as the system public key $mpk$.
Step 2. User key generation.
User A of the certificate-based cryptosystem chooses at random an element of $Z_q^*$ as its own private key $x_A$, and multiplies this private key by the generator $P$ of $G$ from the system parameters to compute its own public key $Y_A = x_A P$; the key generation centre PKG of the identity-based cryptosystem takes the identity $ID_B$ of user B as B's public key, and from the system private key $s$ and the identity $ID_B$ of user B computes $D_B = sQ_B$ as the private key of user B, where $Q_B = H_0(ID_B)$.
Step 3. Anonymous signcryption.
User A of the certificate-based cryptosystem uses $x_A$ and $ID_B$ to anonymously signcrypt the message $m$ and compute the signcryption ciphertext $C$ as follows:
(3a) user A chooses at random an element $\sigma$ of $\{0,1\}^n$;
(3b) user A computes [formula missing], denoted [formula missing], where the symbol $\oplus$ denotes bitwise XOR;
(3c) user A computes $h_1 Y_A$, denoted $C_0 = h_1 Y_A$, and computes [formula missing], denoted $C_1$, where the symbol "$\|$" denotes bit concatenation;
(3d) from the computed results, user A outputs the ciphertext $C = (C_0, C_1)$ and sends it to the recipient B. As shown in Fig. 1, when user A of the certificate-based cryptosystem transfers a message to user B of the identity-based cryptosystem, user A anonymously signcrypts the message according to the above procedure and transmits the generated signcryption ciphertext.
Step 4. Unsigncryption.
As shown in Fig. 3, after receiving the signcryption ciphertext $C = (C_0, C_1)$ sent by user A of the certificate-based cryptosystem, user B of the identity-based cryptosystem uses its own private key $D_B$ to unsigncrypt the ciphertext $C$ as follows:
(4a) Decryption
User B computes [formula missing], denoted [formula missing], where $m'$ is the plaintext message, and computes $Y_A' = (h_1')^{-1} C_0$ as the public key of the sender;
(4b) Authentication
From the $\sigma' \| m' \| h_1'$ obtained above and $Y_A'$, user B of the identity-based cryptosystem computes [formula missing] and checks whether $h_1'$ equals [formula missing]. If so, B outputs the message $m = m'$ and the public key $Y_A = Y_A'$ of the sender A; otherwise the ciphertext $C$ is regarded as invalid.
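The following is an added example; it is not part of the patent and not the patent's own code. It walks through the parts of Steps 1 to 4 above (and of steps (1) to (4) in the summary) that the text fully specifies: system setup, user key generation, blinding of the sender's public key as $C_0 = h_1 Y_A$, its recovery by the receiver as $Y_A' = (h_1')^{-1} C_0$ (which needs $h_1'$ invertible modulo $q$), and the bilinearity that lets B, holding only $D_B$ and $C_0$, reach the same pairing value that A can form from $x_A$, $h_1$, $P_0$ and $Q_B$. Everything else is an assumption of this example: the pairing is a toy map on the additive group $Z_q$ (insecure, chosen only because its bilinearity can be checked without a pairing library), the concrete primes, SHA-256 as $H_0$, the constructed identity string, and the sender-side pairing expression $e(h_1 x_A P_0, Q_B)$, which the text does not reproduce. The formation of $C_1$ and the hash check of step (4b) are likewise not reproduced in the text and are not modelled here.

```python
# Added example: toy instantiation of Steps 1 to 4 of the scheme described above.
# Assumptions (not from the patent): G is the additive group Z_q with P = 1,
# G_T is the order-q subgroup of Z_p^* with p = 2q + 1, e(X, Y) = g^(X*Y) mod p,
# H_0 is SHA-256 reduced into Z_q, and the sender-side pairing is e(h_1 x_A P_0, Q_B).
# This group is INSECURE (a discrete log in Z_q is one modular division); it only
# makes the algebra visible. A real deployment uses a pairing on a supersingular curve.
import hashlib
import secrets

Q = 1019             # prime order of G and G_T (toy size, assumption)
P_MOD = 2 * Q + 1    # 2039, also prime, so Z_2039^* has a subgroup of order Q
G_T_GEN = 4          # 4 = 2^2 is a quadratic residue, hence has order Q in Z_2039^*
P = 1                # generator of the additive toy group G = Z_q


def point_mul(k: int, X: int) -> int:
    """k * X in G; stands in for scalar multiplication of an elliptic-curve point."""
    return (k * X) % Q


def pairing(X: int, Y: int) -> int:
    """Toy bilinear map e: G x G -> G_T with e(aP, bP) = g^(ab)."""
    return pow(G_T_GEN, (X * Y) % Q, P_MOD)


def H0(identity: str) -> int:
    """H_0: {0,1}^* -> G, modelled as SHA-256 reduced to a nonzero element of Z_q."""
    digest = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return 1 + digest % (Q - 1)


def rand_zq_star() -> int:
    """Uniform element of Z_q^* = {1, ..., q-1}."""
    return 1 + secrets.randbelow(Q - 1)


def setup() -> dict:
    """Step 1: system keys of both cryptosystems, tpk = tsk*P and mpk = P_0 = s*P."""
    tsk, s = rand_zq_star(), rand_zq_star()
    return {"tsk": tsk, "tpk": point_mul(tsk, P), "msk": s, "mpk": point_mul(s, P)}


def keygen_certificate_user() -> tuple:
    """Step 2, user A: pick x_A in Z_q^* and publish Y_A = x_A * P (certified by the CA)."""
    xA = rand_zq_star()
    return xA, point_mul(xA, P)


def keygen_identity_user(msk: int, identity: str) -> tuple:
    """Step 2, user B: the PKG derives Q_B = H_0(ID_B) and D_B = s * Q_B."""
    QB = H0(identity)
    return QB, point_mul(msk, QB)


def blind_public_key(h1: int, YA: int) -> int:
    """Step 3c: C_0 = h_1 * Y_A; the ciphertext carries C_0, never Y_A itself."""
    return point_mul(h1, YA)


def unblind_public_key(h1_prime: int, C0: int) -> int:
    """Step 4a: Y_A' = (h_1')^{-1} * C_0; pow(..., -1, Q) fails unless h_1' is in Z_q^*."""
    return point_mul(pow(h1_prime, -1, Q), C0)


def sender_pairing_value(h1: int, xA: int, P0: int, QB: int) -> int:
    """Assumed sender side: e(h_1 x_A P_0, Q_B), computable from x_A and public data only."""
    return pairing(point_mul((h1 * xA) % Q, P0), QB)


def receiver_pairing_value(C0: int, DB: int) -> int:
    """Receiver side: the single pairing e(C_0, D_B) with B's private key."""
    return pairing(C0, DB)


def run_protocol(identity_b: str = "bob@example.org") -> dict:
    """Run setup, key generation, blinding, unblinding and the pairing consistency check.
    The identity string is a constructed sample value."""
    params = setup()
    xA, YA = keygen_certificate_user()
    QB, DB = keygen_identity_user(params["msk"], identity_b)
    h1 = rand_zq_star()                      # stands in for the hash output h_1 of Step 3
    C0 = blind_public_key(h1, YA)
    return {
        "YA": YA,
        "C0": C0,
        "YA_recovered": unblind_public_key(h1, C0),
        "sender_value": sender_pairing_value(h1, xA, params["mpk"], QB),
        "receiver_value": receiver_pairing_value(C0, DB),
    }


if __name__ == "__main__":
    r = run_protocol()
    print("receiver recovers Y_A from C_0:", r["YA_recovered"] == r["YA"])
    print("sender and receiver pairing values agree:", r["sender_value"] == r["receiver_value"])
```

Two points the run makes visible. Unblinding with the wrong scalar returns a different group element, so the receiver's recovered $Y_A'$ is only meaningful once the hash check of step (4b) has confirmed $h_1'$; and recovering $Y_A'$ establishes which public key formed the ciphertext, while binding that key to a named sender remains the job of the CA's certificate, which is outside the steps described here.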
The above description illustrates the basic principles, principal features and advantages of the invention. Those skilled in the art should understand that the invention is not limited to the embodiments described above; the embodiments and the description merely illustrate the principles of the invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, all of which fall within the claimed scope. The claimed scope of the invention is defined by the appended claims and their equivalents.